Tool for automated social engineering attacks
French researchers of Institut EURECOM have developed an automated social engineering tool, called HoneyBot PoC, that poses as a real human in Internet Relay Chats (IRC).
Tool uses a man-in-the middle attack and, instead of using artificial intelligence or some other form of logic to generate an answer, the bot just forwards one users message to other human user. On that way, it lets an attacker glean personal and other valuable information from victims. Also, the researchers were able to get users to click onto malicious links sent via messages 76 percent of the time. The next goal of this project is to automate social engineering attacks on social networks with aim to raise awareness about a new threat posed by sophisticated bots. The researchers conducted an experiment with the tool on Facebook which is lucrative attack surface because of the large number of novice users and the wealth of private data. They say that defending against an automated social engineering attack isn't easy because it is intent on human weaknesses. More information could be found in original news at darkREADING web site. |
